Sure, they do spoof, but one could write a script that pokes around the
message content, looking for a URL or signature and use that instead.

I found some rulesets, 70_sare_evilnum*.cf, that seem to do what I want, but
I don't know how to use them; documentation is scarce for SpamAssassin. Does
anyone know what these files are and how to use them?

mouss-2 wrote:
> FractalBob wrote:
>> Can SpamAssassin be configured to use the domain in the sender e-mail
>> address
>> or in the message content itself as an input parameter to, say, a WHOIS
>> search, in order to locate either the sender or his ISP? I know this
>> would
>> be expensive, since it would require going out to the network, but it
>> could
>> be really useful. TIA!

> - there is no usable whois interface for that. most whois sites will
> blacklist you if you knock them too much.
> - since spammers often forge the sender address, you don't really care
> of the corresponding whois infos.

View this message in context:
Sent from the SpamAssassin - Users mailing list archive at